Polymorphic malware detection using sequence classification methods and ensembles

Drew, Jake; Hahsler, Michael; Moore, Tyler

doi:10.1186/s13635-017-0055-6

Cited by 45 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Algorithm 1 is a straightforward implementation of signature de nition (9). First, the signature components are initialized with in nity.…”

Section: Bagminhash Algorithmmentioning

confidence: 99%

“…In the oncoming sections we will describe methods to make the calculation of the new signature much more e cient. e signature components de ned by (9) are all nonnegative real numbers. However, as mentioned in Section 1.1, integer values with a prede ned number of bits are o en more preferable.…”

Section: Bagminhash Algorithmmentioning

confidence: 99%

“…Poisson processes have some nice properties. Points can be generated in ascending order, because distances between Algorithm 1: Straightforward implementation of signature de nition (9).…”

Section: Interpretation As Poisson Processmentioning

confidence: 99%

See 2 more Smart Citations

BagMinHash - Minwise Hashing Algorithm for Weighted Sets

Ertl

2018

Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery &Amp; Data Mining

View full text Add to dashboard Cite

Minwise hashing has become a standard tool to calculate signatures which allow direct estimation of Jaccard similarities. While very e cient algorithms already exist for the unweighted case, the calculation of signatures for weighted sets is still a time consuming task. BagMinHash is a new algorithm that can be orders of magnitude faster than current state of the art without any particular restrictions or assumptions on weights or data dimensionality. Applied to the special case of unweighted sets, it represents the rst e cient algorithm producing independent signature components. A series of tests nally veri es the new algorithm and also reveals limitations of other approaches published in the recent past.Sometimes it is more convenient to represent objects as bags also known as multisets, where each element is associated with a nonnegative weight. For example, words or shingles in text documents

show abstract

“…Algorithm 1 is a straightforward implementation of signature de nition (9). First, the signature components are initialized with in nity.…”

Section: Bagminhash Algorithmmentioning

confidence: 99%

Section: Bagminhash Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

BagMinHash - Minwise Hashing Algorithm for Weighted Sets

Ertl

2018

Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery &Amp; Data Mining

View full text Add to dashboard Cite

show abstract

“…Even though the Jaccard and minHash sketches are regularly used as a measure of the k-mer content similarity in computational biology software, the weighted Jaccard similarity has been heavily studied and used in other contexts, such as large database document classification and retrieval (e.g., Manasse et al, 2010;Shrivastava, 2016;Wu et al, 2017), near duplicate image detection (Chum et al, 2008), duplicate news story detection (Alonso et al, 2013), source code deduplication (Markovtsev and Kant, 2017), time series indexing (Luo and Shrivastava, 2017), hierarchical topic extraction (Gollapudi and Panigrahy, 2006), or malware classifcation (Drew et al, 2017) and detection (Raff and Nicholas, 2017).…”

Section: Weighted Jaccard and Omhmentioning

confidence: 99%

Locality sensitive hashing for the edit distance

Marçais

DeBlasio

Pandey

et al. 2019

Preprint

View full text Add to dashboard Cite

Motivation: Sequence alignment is a central operation in bioinformatics pipeline and, despite many improvements, remains a computationally challenging problem. Locality Sensitive Hashing (LSH) is one method used to estimate the likelihood of two sequences to have a proper alignment. Using an LSH, it is possible to separate, with high probability and relatively low computation, the pairs of sequences that do not have an alignment from those that may have an alignment. Therefore, an LSH reduces in the overall computational requirement while not introducing many false negatives (i.e., omitting to report a valid alignment). However, current LSH methods treat sequences as a bag of k-mers and do not take into account the relative ordering of k-mers in sequences. And due to the lack of a practical LSH method for edit distance, in practice, LSH methods for Jaccard similarity or Hamming distance are used as a proxy. Results: We present an LSH method, called Order Min Hash (OMH), for the edit distance. This method is a refinement of the minHash LSH used to approximate the Jaccard similarity, in that OMH is not only sensitive to the k-mer contents of the sequences but also to the relative order of the k-mers in the sequences. We present theoretical guarantees of the OMH as a gapped LSH.

show abstract

“…Recently some authors worked on malware dataset released for kaggle dataset [14]. In the year 2016, Ahmadi et al Drew et al [16] used The Super Threaded Reference Free Alignment-Free Nsequence Decoder (STRAND) classifier to perform classification of polymorphic malware. In their approach, they presented ASM sequence model and obtained accuracy greater than 98.59 % using 10-fold cross-validation.…”

Section: Related Workmentioning

confidence: 99%

Detection of Advanced Malware by Machine Learning Techniques

Sharma

Krishna

Sahay

2018

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

In today's digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. metamorphic malware. In this paper, we study the frequency of opcode occurrence to detect unknown malware by using machine learning technique. For the purpose, we have used kaggle Microsoft malware classification challenge dataset. The top 20 features obtained from fisher score, information gain, gain ratio, chi-square and symmetric uncertainty feature selection methods are compared. We also studied multiple classifiers available in WEKA GUI based machine learning tool and found that five of them (Random Forest, LMT, NBT, J48 Graft and REPTree) detect the malware with almost 100% accuracy.

show abstract

Polymorphic malware detection using sequence classification methods and ensembles

Cited by 45 publications

References 21 publications

BagMinHash - Minwise Hashing Algorithm for Weighted Sets

BagMinHash - Minwise Hashing Algorithm for Weighted Sets

Locality sensitive hashing for the edit distance

Detection of Advanced Malware by Machine Learning Techniques

Contact Info

Product

Resources

About